Assessment, Authorization, and Monitoring Policy and Procedures | CA-1

Assessment, Authorization, and Monitoring Policy

MCC recognizes that information security assessment, authorization, and continuous monitoring policies and procedures are vital to reducing information security risks.

Purpose

Assessments and monitoring ensure that information security controls are implemented correctly, are working as intended, and result in meeting the security requirements for each information resource.

Authorization to operate information resources must be controlled to ensure that residual risks are reviewed and accepted and to ensure that authorized resources satisfy business needs and comply with security, privacy, and accessibility laws and policies.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, Information Resource Owners and Custodians.

Compliance

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, Information Resource Owners and Custodians.

Implementation

The Cybersecurity Manager or their designee is responsible for ensuring that this policy and supporting procedures are periodically reviewed and updated.

Last updated: 5/13/2026
